March 2012- Microsoft Releases 6 Security Advisories

SEVERITY

// ADVISORY DATE

DESCRIPTION

Microsoft addresses the following vulnerabilities in its March batch of patches:

(MS12-017) Vulnerability in DNS Server Could Allow Denial of Service (2647170) Risk Rating: Important

This update resolves a privately reported vulnerability in Microsoft Windows that could allow denial of service if a remote unauthenticated attacker sends a specially crafted DNS query to the target DNS server. Read more here.

This update resolves a privately reported vulnerability in Microsoft Windows that could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. Read more here.

(MS12-019) Vulnerability in DirectWrite Could Allow Denial of Service (2665364) Risk Rating: Medium

This update resolves a publicly disclosed vulnerability in Windows DirectWrite. In an Instant Messenger-based attack scenario, the vulnerability could allow denial of service if an attacker sends a specially crafted sequence of Unicode characters directly to an Instant Messenger client. Read more here.

This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. Read more here.

(MS12-021) Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)Risk Rating: Important

This security update resolves one privately reported vulnerability in Visual Studio. The vulnerability could allow elevation of privilege if an attacker places a specially crafted add-in in the path used by Visual Studio and convinces a user with higher privileges to start Visual Studio. Read more here.

This security update resolves one privately reported vulnerability in Microsoft Expression Design. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .xpr or .DESIGN file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Read more here.

TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security shields the following vulnerabilities using the specified rules. Trend Micro customers using OfficeScan with the Intrusion Defense Firewall plugin are also protected from attacks using these vulnerabilities.